Filtered by vendor Synology
Subscriptions
Filtered by product Router Manager
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27654 | 1 Synology | 1 Router Manager | 2024-09-17 | 9.8 Critical |
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | ||||
CVE-2022-27614 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2024-09-17 | 5.3 Medium |
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-09-17 | 7.1 High |
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
CVE-2018-8918 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
CVE-2017-12078 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | ||||
CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | ||||
CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
CVE-2020-27655 | 1 Synology | 1 Router Manager | 2024-09-17 | 6.5 Medium |
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | ||||
CVE-2020-27657 | 1 Synology | 1 Router Manager | 2024-09-16 | 6.5 Medium |
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | ||||
CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2024-09-16 | 10 Critical |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2018-1160 | 3 Debian, Netatalk, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2024-09-16 | N/A |
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | ||||
CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2024-09-16 | 5.6 Medium |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
CVE-2017-12077 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | ||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-09-16 | 8.6 High |
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | ||||
CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2024-09-16 | 8.3 High |
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | ||||
CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2017-15895 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2020-27649 | 1 Synology | 1 Router Manager | 2024-09-16 | 8.3 High |
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |